Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
renier_visser-In Employee -11384.pdf
|
PDF document, version 1.7, 0 pages
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\77cd9c33-604b-4682-9a13-1e8333720fc5.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\94fd05f0-8371-44d0-9962-b7d6f865d715.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3cc1c5.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241028164729Z-162.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6892
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIbb566.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-28 12-47-27-937.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\1e6ba065-09c4-4536-bf03-08e9c20515ac.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\33e2b341-a9d2-4a9e-93f6-fce3c5b09867.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\4d571151-6064-403b-80d7-62becc8d18b9.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\d8edc03a-4aef-410f-a133-eea7b090069e.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:47:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:47:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:47:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:47:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 15:47:29 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
Chrome Cache Entry: 180
|
ASCII text, with very long lines (48316), with no line terminators
|
dropped
|
||
|
Chrome Cache Entry: 181
|
HTML document, ASCII text, with very long lines (2759), with CRLF line terminators
|
dropped
|
||
|
Chrome Cache Entry: 182
|
ASCII text, with very long lines (47671)
|
dropped
|
||
|
Chrome Cache Entry: 183
|
PNG image data, 18 x 97, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 184
|
ASCII text, with very long lines (65447)
|
dropped
|
||
|
Chrome Cache Entry: 185
|
HTML document, ASCII text, with very long lines (2759), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 186
|
PNG image data, 84 x 99, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 187
|
PNG image data, 84 x 99, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 188
|
ASCII text, with very long lines (47671)
|
downloaded
|
||
|
Chrome Cache Entry: 189
|
ASCII text, with very long lines (47671)
|
downloaded
|
||
|
Chrome Cache Entry: 190
|
ASCII text, with very long lines (48316), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 191
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 192
|
HTML document, ASCII text, with very long lines (6377), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 193
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 194
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 195
|
PNG image data, 34 x 49, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 196
|
PNG image data, 18 x 97, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
Chrome Cache Entry: 197
|
HTML document, ASCII text, with very long lines (2759), with CRLF line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 198
|
ASCII text, with very long lines (65447)
|
downloaded
|
||
|
Chrome Cache Entry: 199
|
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
|
downloaded
|
||
|
Chrome Cache Entry: 200
|
ASCII text, with very long lines (47671)
|
downloaded
|
||
|
Chrome Cache Entry: 201
|
ASCII text, with very long lines (47671)
|
dropped
|
||
|
Chrome Cache Entry: 202
|
PNG image data, 34 x 49, 8-bit/color RGB, non-interlaced
|
downloaded
|
There are 68 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\renier_visser-In Employee -11384.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252
--field-trial-handle=1568,i,8438002774993098221,9784074526197564620,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://img2.leadong-edm.com/c/kdApfqMvoKJU/QLAfUpKvNfga/qpUKqIgnAGdz/jqAKUVFYiwcH?U=https://Vokbz-iamgold.mobile-pdfqronline.com/11384/#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=2004,i,2892950466930992625,14663560579764141364,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
|
||
|
https://challenges.cloudflare.com/turnstile/v0/b/e1a56f38220d/api.js
|
104.18.94.41
|
||
|
https://chrome.cloudflare-dns.com
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/52iod/0x4AAAAAAAwpjSkOf53RqXnc/auto/fbE/normal/auto/
|
104.18.94.41
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
https://8sq.w2agn.com/B9Z64HC_oJbkvSmVBaQzfkiG7YNd-0Po/#xrenier_visser@iamgold.com
|
|||
|
https://8sq.w2agn.com/favicon.ico
|
188.114.96.3
|
||
|
https://code.jquery.com/jquery-3.6.0.min.js
|
151.101.66.137
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/
|
188.114.97.3
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8d9c6884aac83168
|
188.114.97.3
|
||
|
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
|
104.17.25.14
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/favicon.ico
|
188.114.97.3
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/shez3/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/normal/auto/
|
104.18.94.41
|
||
|
https://8sq.w2agn.com/B9Z64HC_oJbkvSmVBaQzfkiG7YNd-0Po/
|
188.114.96.3
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/736896047:1730132405:5SGzvlJZj4ad9Fw5YQ-DPoYWF7p9UG71nocFwUBA5ZI/8d9c68ac0f68e79a/_gFYOdWvOno18EFRhpnXawTigdcRjwUS3i.fqCCsr9g-1730134058-1.1.1.1-cLx_S1QbgF9.LxN6AtmEfd6QgduHNIg5gmCjicGVJiRTT3MnfZL.NQSkb4wRylmA
|
104.18.94.41
|
||
|
https://a.nel.cloudflare.com/report/v4?s=dKl9aCl%2FSkgF%2FN25ePb1xCna3q7H99Ks92%2FGL65hfERtBAgm22Bdcs5D1niJ0Xqv%2FPb%2FTAL4uCdGDaEI9H5Eo8Qxc7asvoq1aiWWP6yWF4b036O72UBV3HKpCnFVc0beG93S%2FmOXFU%2FdmLlgvN2vakxtHLgqLJk%3D
|
35.190.80.1
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d9c69278df22e27/1730134081332/8ab4824bd712c48db70a586f4db3523bbce01cf19d29a29c45a25558c454549d/AwHEUhWTjCn8Lyu
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d9c68ac0f68e79a&lang=auto
|
104.18.94.41
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/cdn-cgi/challenge-platform/h/b/flow/ov1/244223768:1730132189:NbzFRZvTcBmmYjVsO5xy0JykfjjXCxNv2Vd8K9KmlQk/8d9c6884aac83168/.dA4utKOCXqNXZ7ka1Dy8Dmaet_UVdAWtZsXKlq57e4-1730134052-1.2.1.1-YB_bFKSHTRqrgWaOlj1EXOYaZKAO68GetFMt5G0UvZHFFnkZOi74rI0vPm2dKjee
|
188.114.97.3
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1575504935:1730132393:tsQBD6pnm-dRZ8ZlJHXvfJ9o3TZjLECqHOVZguSlcVA/8d9c6b17ae923aaf/phHrWSEgkaO_06F33lI9ffv1P4pt8rymxzOY4cyWB4A-1730134158-1.1.1.1-wYIAZ_Bbkih4o4C_Fy0JR15pEMzW4qdIapWRMtYWue1RH4VmlU8jz9iiZIiW1aSQ
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
|
104.18.94.41
|
||
|
https://a.nel.cloudflare.com/report/v4?s=Wkjr9bhACmWCdQsb5KgILKYa7Sic9lFafA3%2Fe2UarypavvCSB%2FwHZf5JuwMPHzNq7qlETp3KSmsFWTZoGmq69ocVLjMRxIjOC%2FLtsOsPb9cOg1SHZ%2BSSrL%2B4dRscMJwIrVNfU8iANNVzpjhm%2FKR6fphj4%2FmQxEE%3D
|
35.190.80.1
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d9c6b17ae923aaf/1730134160237/-JiMk9ZyEBn9URm
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d9c6b17ae923aaf/1730134160233/8a71020ba386488777a483e1ae773c3ccfea843ec9224ce39a3849d2a4a2d100/hrjXq_u_Ts2Gd6l
|
104.18.94.41
|
||
|
https://a.nel.cloudflare.com/report/v4?s=%2F3BkEC3rDOUbHCOb8vJ9zUvIUIwXDLj7jyqvE8ewcIC0SRoZsPtWoVw3k3HThgIVzQXIG1uEY5cLwCetL1FOFv9dA2lG28aBhdTjI%2BHV0cf8ZhAo9KF9JkuAJ19nbg%3D%3D
|
35.190.80.1
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d9c69278df22e27/1730134081331/HTYBVlYO-jFT7-s
|
104.18.94.41
|
||
|
https://8Sq.w2agn.com/B9Z64HC_oJbkvSmVBaQzfkiG7YNd-0Po/
|
unknown
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d9c69278df22e27&lang=auto
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8d9c6b17ae923aaf&lang=auto
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/inwdh/0x4AAAAAAAjGd7wY-0w5WfUZ/auto/fbE/normal/auto/
|
104.18.94.41
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8d9c68ac0f68e79a/1730134061652/A1f9igYSRdqhedP
|
104.18.94.41
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/?__cf_chl_rt_tk=RfTckejA3IsTnmGx2hMxZW0at9qomI1KvAylxSBhkEw-1730134052-1.0.1.1-oWnDs99zxb7jkIe_.4yR5kObhB4Q3c5Vmnk_QRJ_VXc#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
|||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8d9c68ac0f68e79a/1730134061655/15b749dc2006a6f50d892c6ab83b60816ce2a1a6e467e4003a87b35d076d3cae/nYbxm4w-JBYgJQx
|
104.18.94.41
|
||
|
https://a.nel.cloudflare.com/report/v4?s=VnI77UMv%2Fxel4LiWfkTryGeF5PcshH9L2dHVaKi%2FUgF6nQ%2FXioiipm4KVrFXkzrLDAFeOYjaM1f4QQixlS1x%2F60y6X%2FFjYJEelxIx0HukPQFNyza8DSZHskGlPHG1aRT1bs9RXrvzK3cQyecd5z9jIwLIqy0GVA%3D
|
35.190.80.1
|
||
|
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/529245995:1730132305:Laa5oq2m73aFLJir1YIIar-kFQTXq6O2pduGpfcbM2U/8d9c69278df22e27/PxLt5hfjqiTPx0sjtRTM1yJo9d0uOquA7rEns6f87xg-1730134078-1.1.1.1-IuqPdMWPk2MuuPdmgmf36o4gSheMJLGvteZUcwaHmaE8n7ftlDUr4X5m_WkV.81V
|
104.18.94.41
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vokbz-iamgold.mobile-pdfqronline.com
|
188.114.97.3
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
8sq.w2agn.com
|
188.114.96.3
|
||
|
code.jquery.com
|
151.101.66.137
|
||
|
cdnjs.cloudflare.com
|
104.17.25.14
|
||
|
challenges.cloudflare.com
|
104.18.94.41
|
||
|
www.google.com
|
142.250.185.228
|
||
|
img2.leadong-edm.com
|
unknown
|
||
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
vokbz-iamgold.mobile-pdfqronline.com
|
European Union
|
|
|
|
142.250.185.228
|
www.google.com
|
United States
|
||
|
104.18.94.41
|
challenges.cloudflare.com
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
104.18.95.41
|
unknown
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
188.114.96.3
|
8sq.w2agn.com
|
European Union
|
||
|
151.101.66.137
|
code.jquery.com
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
104.17.25.14
|
cdnjs.cloudflare.com
|
United States
|
There are 1 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
There are 8 hidden registries, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/?__cf_chl_rt_tk=RfTckejA3IsTnmGx2hMxZW0at9qomI1KvAylxSBhkEw-1730134052-1.0.1.1-oWnDs99zxb7jkIe_.4yR5kObhB4Q3c5Vmnk_QRJ_VXc#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
||
|
https://vokbz-iamgold.mobile-pdfqronline.com/11384/#cmVuaWVyX3Zpc3NlckBpYW1nb2xkLmNvbQ==
|
||
|
https://8sq.w2agn.com/B9Z64HC_oJbkvSmVBaQzfkiG7YNd-0Po/#xrenier_visser@iamgold.com
|
||
|
https://8sq.w2agn.com/B9Z64HC_oJbkvSmVBaQzfkiG7YNd-0Po/#xrenier_visser@iamgold.com
|